[CLUE-Tech] possible breakin attempt
Joseph A. Nagy, Jr.
jnagyjr at joseph-a-nagy-jr.us
Thu Oct 28 13:05:57 MDT 2004
On Thu, Oct 28, 2004 at 01:00:21PM -0600, Chris Schock wrote the following:
> Google should have a wealth of info on this. It means that the reverse DNS
> was not the same as the forward DNS. Can you verify that the IP address is
> legitimate?
>
> Since it's from Asia, I'd guess not.
>
> There is and has been a wealth of SSH attempts that have been happening
> over the last month or two. They connect and try to login into a dozen or
> two accounts. I wouldn't be overly concerned, I get these daily. Just make
> sure that the users they're trying to get into either don't exist or have
> cery good passwords. Also, disable remote root logins. I think by default
> SSH allows that.
I don't know about your ssh setup, but mine by default disallows it. Perhaps
that's due to the maintainer of the ebuild patching it that way.
<snip>
Oddly enough no one has bothered my machine.
--
AIM: pres CTHULHU | ICQ: 18115568 | Yahoo: pagan_prince
Jabber: DarkKnightRadick@(jabber.org|amessage.at) | Libertarian @ Large
PGP: 0x642F7BDA | < http://groups.yahoo.com/group/tennesseans-for-badnarik/ >
< http://mc-luug.homelinux.org/mailman/listinfo/mc-luug >
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://cluedenver.org/pipermail/clue-tech/attachments/20041028/def46178/attachment.bin
More information about the clue-tech
mailing list